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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments filed 7/19/04 have been fully considered but they 
are not persuasive. 

2. In response to applicants arguments that in the invention taught by 
Schneck, the user does not define the rules. The examiner disagrees. Schneck 
teaches a case where the rules are not provided and must be provided by the 
user (Col 19, Lines 34-45, Schneck) 

3. Regarding arguments for newly added claims 17-19, applicant's 
arguments fail to comply with 37 CFR 1.111(b) because they amount to a 
general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes 
them from the references. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 
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5. Claims 10, 11, 14 and 18 are rejected under 35 U.S.C. 102(a) as being 
anticipated by Patent No. 5,933,498, Schneck et al. 

6. Regarding claim 10, Schneck shows a method for executing a security 
critical activity having at least one action, the security critical activity being 
executed by a security device connected to a computer with user involvement, 
the method comprising the steps of: 

7. User of the computer defining in a proxy letter a situation in which the 
proxy letter is allowed to handle a security critical activity (Schneck, col. 21, line 
26-27),. 

8. starting execution of an action of a security critical activity in a present 
situation (invoking process, Schneck, col. 19, line 47-49); 

9. determining, for the started action and the present situation and based on 
the proxy letter, whether (a) the proxy letter is allowed to handle the started 
action without direct user involvement (Schneck, col. 19, line 17) or (b) direct 
user involvement is required to handle the started action (user provide rules, 
Schneck, col. 19, line 64); 

10. when the started action is handled by the proxy letter or by direct user 
involvement, completing the started action and repeating the starting execution 
and 

1 1 . when started action is handled neither by the proxy letter nor by direct 
user involvement, stopping execution of the security critical activity (abort, 
Schneck, col. 18, line 38-41). 
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12. Regarding claim 11, Schneck show claim 10 above, and further show that 
the defining step includes the step of defining in the proxy letter situations in 
which the proxy letter is allowed to grant an action (Schneck, col. 20, line 19-2 1). 

13. Regarding claim 14, Schneck claim 10 above, and further show that 
determining step includes the steps of reading the proxy letter and requesting 
direct user involvement if the proxy letter is not allowed to handle the started 
action (Schneck, col. 20, line 3-5). 



Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

15. Claims 12, 13 rejected under 35 U.S.C. 103(a) as being unpatentable over 
Patent No. 5,933,498, Schneck et al. in view of Patent No. 5,845,068, Winiger. 
Regarding claim 1 2, Schneck show claim 1 0 above, but fail to further show that 

16. the defining step includes the step of defining in the proxy letter situations 
in which the proxy letter is allowed to prevent an action from being executed. 

17. However, Winiger teaches that service or resource is instantiated in 
computer memory a sensitivity label (proxy letter) is associated with the process, 
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service, or resource, and access by other processes running applications which 
also desire to access the resource, but which have a different clearance, is 
denied (prevent, Winiger, col. 2, line 51-54). 

18. Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention to modify Schneck as per teaching of Winiger such that 
to allow its use to simultaneously process a range of sensitive unclassified or 
classified information for a diverse set of users without violating access privileges 
(Winiger, col. 1 , line 42-45). 

19. Regarding claim 13, Schneck and Winiger claim 12 above, and further 
show comprising the steps of determining whether the proxy letter is allowed to 
prevent an action from being executed and stopping execution of the action when 
the action is one the proxy letter is allowed to prevent from being executed 
(enforce access, Winiger, col. 1, line 34-36). 

20. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent No. 5,933,498, Schneck et al. in view of U.S. Patent Application 
Pubication No. 2001/0014839 A1 , Belanger et al. 

21 . Regarding claim 1 5, Schneck show claim 14 above, but fail to show 
following the step of requesting direct user involvement, further comprising the 
steps of waiting a predetermined period of time and, when direct user 
involvement has not occurred within the predetermined period of time, stopping 
execution of the security critical activity. 



Application/Control Number: 09/460,376 Page 6 

Art Unit: 2134 

22. Belanger teaches a time out feature to prevent access if the user has not 
exited the service or taken any other action for an extended period of time 
(Belanger, page 4, paragraph 0031). 

23. Therefore, it would have been obvious to one having ordinary skill in the 
art at the time of the invention that one would be motivated to modify Schneck as 
per teaching of Belanger in order to yield a process to prevent unauthorized user 
access (see Belanger, page 3 paragraph 0027). 

24. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent No. 5,933,498, Schneck et a1. in view of Patent No. 6009518, 
Shiakallis. 

25. Regarding claim 16, Schneck shows claim 10 above, but fail to show the 
step of completing the started action comprises the step of logging whether the 
proxy letter or direct user involvement handled the action. 

26. Shiakallis teaches audits and tracks user activity, DOS directory access, 
program execution, attempted security violations, and date and time alterations. 
This also includes a report generator which can be individualized so that reports 
can be viewed on screen, printed or output to a file. (Shiakallis, col. 4, line 54- 
58). 

27. Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention to modify Schneck as per teaching of Shiakallis to gain 
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the benefit of improved security of stored information (Shiakallis, col. 1, line 55- 
56). 

28. Claims 17 and 19 rejected under 35 U.S.C. 103(a) as being unpatentable 
over Patent No. 5,933,498, Schneck et al. in view of Patent No. 5914472, 
Foladare et al. 

Regarding claim 17 and 19: 

29. Schneck teaches a method for executing a security critical activity having 
at least one action, the security critical activity being executed by a security 
device connected to a computer with user involvement for secure monetary 
transactions. Schneck does not teach the use of a transaction limit requiring 
user interaction. Foladare teaches a secure online transaction system using a 
threshold limit where an account holder must approve the transaction if a 
purchase exceeds the limit (Col 2, Lines 44-46, Foladare). It would have been 
obvious to a person of ordinary skill in the art at the time of invention to use the 
threshold limit necessitating user approval as taught by Foladare in the invention 
taught by Schneck. One of ordinary skill in the art would have been motivated to 
use the threshold limit necessitating user approval as taught by Foladare in the 
invention taught by Schneck because prompting the user for approval provides a 
greater level of security when dealing with higher value purchases. 



Conclusion 
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30. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Jonathan R Adams whose telephone number 
is (571)272-3832. The examiner can normally be reached on Monday - Friday 
from 10am to 6pm. 

31 . If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gregory Morse, can be reached on (703) 308-4789. The 
fax phone number for the organization where this application or proceeding is 
assigned is (571)272-3838. 

32. Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 
(703) 305-3900. 




